2019-04-23 UTC
# 
cjslep[m] The problem with forwarding an HTTP signature is, for ex: what if the Date header is signed? You can't forward the signature without forging a fake Date header now. The naive approach of writing Application level logic to introspect such headers to determine whether to forward or not is a rather... crude and awful (to put it nicely) band aid.